Library
Library
A selection of materials from DRI International is available here as an added benefit for DRI members. We hope you enjoy this informative collection of industry information and research.
Event: Annual Conference - DRI2024
Author: Harvey Nusz
Acceptable Risk – a term that should be at the foundation of your corporate risk program. When it comes to organizational risk management it should be foundational that a clear and singular definition of acceptable risk has been established that can be used to evaluate risk to the business. Too many companies operate with multiple definitions and blind spots in the identification of critical risks. Each enterprise must seek to have a unified definition that can be used to compare risk and facilitate the prioritization of risks and mitigation. There are three common challenges we will explore: First, the absence of a single encompassing definition of acceptable risk. Second, the tendency to focus on physical assets over other risk assets. Risk can present itself in many forms to include supply chain, processes, service providers, software, and even specific individuals or roles. Third is the energy that is spent collecting an inventory of critical assets that are not linked to risk mitigation actions. We will take a deeper dive into these three common challenges. Some tools we will look at include: • Governance principles • Understanding your critical assets • Risk management principles and strategies • Importance of a risk register supported by the business, without silos – updated regularly, communicated and reviewed • Data protection impact assessment • Postmortem reviews and lessons learned – when is a lesson really learned? This session will discuss how addressing these challenges and implementing these tools and principles will enable organizations to enhance their ability to better identify and achieve Acceptable Risk for their critical assets, and foster a culture of governance, compliance, awareness and management. The presenter will work with DRI to identify a company wanting to discuss a current issue in acceptable risk and utilize a portion of this interactive session as a workshop to identify potential risk mitigations.
Event: Annual Conference - DRI2024
Author: Andrea Abrams, Steven Lei
Have you ever experienced higher volumes of unexpected leaves of absence that negatively impacted operations? How is human capital integrated into your business continuity program? Going beyond tracking employee residential zip codes, are you integrating this essential part of your enterprise in more than a perfunctory way? Whether your entity’s dependencies involve union labor or a recruitment pool whose tastes are changing, to stay on the leading edge of resilience you must incorporate planning for human capital risk into your business continuity plan. In this interactive workshop we’ll talk through strategies to get started and encourage attendees to share from their experience.
Event: DRI Collegiate Conference - NYU - Oct. 6, 2023
Author: Rouz Hashemi, CCRP,
A proper cyber resilience approach has always required business and technology stakeholders to interact, decide, and set appropriate risk tolerance. But with the National Institute of Standards and Technology (NIST) adding the term “govern” to its framework, what is the opportunity for change and improvement? In this session, we will discuss how merging cyber resilience and cybersecurity under the NIST framework will enable organizations to be better prepared for and better able to respond to and recover from cyberattacks in a more tangible manner.
Event: DRI Webinar
Author: Riskonnect
Natural disasters, civil unrest, transportation disruption and crime are just a few of the threats that can affect your operations in an instant. How do you actively monitor everything? The answer is threat intelligence. Threat intelligence is increasingly becoming an important early-warning part of broader business continuity programs. This webinar explains the value of threat intelligence, how it connects to broader continuity and resilience program outcomes, and how you can incorporate it into your program. You'll discover how to get ahead of risk and learn from the threats that are actively affecting your operations, locations, and people. NOTE: This is a sponsored webinar with content produced by Riskonnect. The information contained in this presentation represents the views and opinions of Riskonnect and does not necessarily represent the views or opinions of DRI International.
Tags: Risk Assessment
Event: DRI Collegiate Conference - University of Texas at Dallas - Mar. 28, 2023
Author: Michelle Cross
Talk about risky business! One of the most fascinating and mind-bending aspects of business continuity is its relationship with insurance and risk. Michelle Cross, Vice President, Fidelity Institutional Business Continuity will discuss how these disciplines should co-exist for maximum resilience.
Event: DRI Resilience Excellence Summit 2022
Author: Dr. Gianluca Pescaroli
DRI welcomes Dr. Gianluca Pescaroli for an in-depth tour of his research on building and improving the continuity of operations during disruptive events, minimizing their impacts, and increasing resilience of the public and private sectors. This includes managing complex challenges such as cascading risks, critical infrastructure failures, systemic and compound dynamics. His work is impact -oriented, aiming to bridge academia and practice. In 2016, he co-founded the Research Group on Cascading Disasters at UCL. Since then, he contributed to strategic documents such as the UN Office for Disaster Risk Reduction’s Guidelines on National Risk Assessment, and edited reports such as the Guidelines on Cascading Effects of Wide-Area Power Failures in collaboration with London Resilience.
Tags: Disaster Scenarios, Emergency preparedness, Emergency response, Europe, Risk Assessment, Risk Management, Ukraine, UNISDR
Event: Annual Conference - DRI2022
Author: Alison Tarnopol, Michelle Cross
Understanding third party vendor risk is essential for organizational resiliency. This session will address best practices for assessing vendor risk and resiliency. We will review how to evaluate residual risks and potential impacts to incorporate vendor risk into a comprehensive resiliency program. We will also review using data analytics to better quantify and rate residual risk.
Tags: Best Practices, Resiliency, Resilient Enterprise, Risk Assessment, Vendor Assessment
Event: Annual Conference - DRI2022
Author: Gayle Anders, TJ Mead
Taking Netflix’s unique culture into account, we have developed a strategic vision for the Enterprise Resilience (ER) program to identify where our critical assets are, how resilient they currently are, and how to increase their resilience when and if needed. This process includes: • Educating leadership and risk owners of their resilience risk posture • Developing a critical interdependency map to identify areas of unseen risk • Providing guidance and mitigation expertise to risk owners who require it The framework is built on the development of standardized, intuitive, and quantifiable business continuity, technology continuity, and corporate resilience measurements enabling teams to be aware of their resilience posture and to make the best possible resilience decisions.
Tags: Resilient Enterprise, Risk Assessment, Risk Management
Event: Annual Conference - DRI2020
Author: Roger A. Stearns
No matter if your company is small, medium or a global company we all have risks and we all have business continuity management programs. Our approach to supply chain risk will work for your organization as well. We have partnered with our internal business partners to create a fully integrated risk platform for supply chain risk management. During this session, we will cover supply chain and interdependent organizations, how risk is interpreted and the use of risk assessments, the crisis management continuum and mapping critical resources both internal and external. We will also discuss the use of environmental monitoring and your business continuity management system (BCMS). The 2019 and 2020 supply chain disruption predictions have been understated in my opinion. This approach to integrated risk management is our way to resilience and a more resilient organization.
Tags: Risk Assessment, Supply Chain
Event: Annual Conference - DRI2020
Author: Stephen Woods
With over 400 buildings on 415 acres, including 4.4 million square feet of research space, Yale University was challenged with conducting a university-wide risk assessment and BIA. This session will explore how Yale incorporates financial information, specifically grant funding, into their risk assessment and BIA process to help identify and prioritize facilities and departments.
Tags: BIA, Risk Assessment
Event: Annual Conference - DRI2020
Author: Jeanne D. Powell
Nothing in life happens in a vacuum and disasters are at the top of that list. Like a pebble dropped in a pond creates ripple effects, disasters always spawn multiple and various types of after effects in all possible directions, dimensions, timings, and each with their own consequences. Known risks usually have mitigation options. After Effects are not known until they happen. BCPs usually guide handling a singular disaster incident. However, BCPs rarely identify and document steps to resolve the spreading, pervasive, collateral, and consequential ramifications of after effects. Come join us and learn methods to identify and tackle different aspects and considerations of after effects and how to reduce their consequences. This session includes such things as definitions, a repeatable process methodology, characteristics for consideration, a practical walkthrough, and much more. Ripple effects tend to be two dimensional and far less consequential. What really happens are after effects. I thought of this topic because a disaster causes a multidimensional scattering of consequential after effects; each of which occurs at different times, has multifaceted characteristics and effects, with unique timelines and life cycles (my definition).
Tags: Risk Assessment
Event: Annual Conference - DRI2020
Author: Michele Corvino
The headlines are full of new technologies that are presented as threats to companies’ resilience. Have you ever stopped to consider how new technologies will impact the practice of business continuity beyond simply what types of events to consider in planning? In this presentation, we will look at how business continuity professionals will analyze risk and mitigate potential threats by leveraging new technologies in the next five years.
Tags: Risk Assessment, Technology
Event: Annual Conference - DRI2020
Author: Lyndon Bird, Boris Issavi
What risks are you most concerned about? How well prepared are you to manage them? How do you think our profession will change over the next few years? In this highly-interactive session, participants will have the opportunity to vote on a number of the key issues which have emerged from the DRI Future Vision Committee regular reports (Trends, Predictions and Careers). The presenter will respond to voting as it happens, providing instant feedback and opinion. Please come to this session ready to participate, debate, and even argue if you wish. Challenging and controversial opinions are welcome. Your input and the conclusions we reach as a group will be included in future FVC reports and will influence DRI thought leadership perspectives.
Tags: Risk Assessment, Trends and Predictions
Event: DRI Webinar
Author: Steve Yates, Andy Tomkinson
Take a look at how a major public event - in this case, the 2012 London Olympics prepares for and plans against mega-sized risks. This presentation will take you through the steps that were used during the preparation, planning and execution of the London Olympics and Paralympics Games, for which such “Mega Events” are classified as the “Greatest Show on Earth.”
Tags: Europe, Risk Assessment, Risk Management
Event: Annual Conference - DRI2018
Author: Dan See
Have you done a Risk Assessment lately, ever? Do you have a risk methodology to work with? Do you know the critical assets that really allow your organization to meet its business goals? What keeps you and your leadership up at night? This risk assessment workshop will put your conference time to good use and go beyond talking about risk assessments – you’ll actually do a risk assessment. Using a combination of lecture and practical exercise you will be able to go back to your organization and put your new risk assessment skills to use/ The workshop will cover risk methodology (analyzing, reporting, managing); undesirable events; performing the analysis (impact, threat, vulnerability) risk identification; risk mitigation; and risk reporting.
Tags: Risk Assessment, Risk Management
Event: Annual Conference - DRI2018
Author: Roberta Witty
Educating business managers on the business value of business continuity management (BCM) is a challenge for many organizations. Often, this challenge arises because business managers don’t understand or appreciate the value of availability risk information or their relationship to it. This lack of understanding of how availability risk links to business performance is a leading cause of BCM programs having a great, exciting start, but ending in their long-term demise. In this session, we will discuss the following key issues: What do boards and line-of-business executives want from continuity of operations programs? How do the risk-based disciplines impact corporate performance? How can you use KPIs and KRIs to present a defensible case for the value and effectiveness of BCM to an executive audience?
Tags: Risk Assessment, Risk Management
Event: Annual Conference - DRI2018
Author: Mike Mastrangelo
The University of Texas Medical Branch at Galveston was recently invited to meet with the Department of Homeland Security, Office of Health Affairs to present on UTMB’s 3-year effort to develop a national model for response to major chemical incidents such as releases of toxic industrial chemicals like Hydrofluoric Acid (HF). Unlike other chemical releases, HF produces a heavier-than-air persistent vapor cloud that is toxic to people, animals, and plant life. Specific medical countermeasures are needed to treat HF injuries, yet these are in short supply. Department of Homeland Security also recently completed a three-year effort to develop a new framework and strategic approach to chemical incident preparedness (for terrorist incidents and accidents). Although the efforts were independent, there were many commonalities, including the use of advanced computational modeling by Lawrence Livermore National Laboratory to simulate chemical release scenarios. Another significant similar approach was to enhance the risk assessment process to incorporate information about the jurisdiction’s response capability. A new toolset was developed called a Response Risk Assessment (RRA). In its pilot program, DHS completed the RRA at five cities across the United States (including Houston as part of the Super Bowl preparedness effort). At the conclusion of the meeting, the Office of Health Affairs and UTMB agreed to pilot test the RRA Toolset in Galveston County Texas with the assistance of UTMB. The ultimate goal is to roll out the toolset to all U.S. jurisdictions for self-assessments. The presentation will use HF as a case study on use of an enhanced risk assessment process to build healthcare continuity. Another aspect of preparedness examined is the use of a combination of an all-chemical hazards approach – with – a specific planning approach for Priority Risk chemicals in a given region. UTMB now sponsors an annual HF incident symposium that includes national and international experts in various aspects of the response. Honeywell, the world’s largest producers of HF, participates in UTMB’s annual HF Exercise and Symposium. The project won a University of Texas National Security Excellence grant and was the basis for a recent award of a Combined Coordinated Terrorist Attack (CCTA) preparedness grant from Department of Homeland Security/FEMA.
Tags: Healthcare, Risk Assessment
Event: Annual Conference - DRI2017
Author: Mary Gardner
This session will provide an overview of the 2017 World Economic Forum (WEF) Risk Report. 2017 marks the twelfth year that the WEF surveys over 800 global leaders to determine their top ten risks. In recent years, societal, geopolitical and environmental threats have come to supplant economic risks as issues of greatest global concern. As our world continues to be more interconnected, a holistic risk management approach needs to consider the interdependencies between risks. The 2016 WEF Risk Report called for actions to build resilience. This session will identify practical examples of how this could be done.
Tags: Resiliency, Global Strategy, Risk Assessment, Risk Management
Event: DRI Collegiate Conference - University of St. Thomas - April 23 2016
Author: Mike Mastrangelo
Given the high level of risk at the UTMB Campus, we work to eliminate the subjectivity of the risk assessment process as much as possible and to quantify that risk where possible. The risk assessment process is the foundation of UTMB's Preparedness Program and it affords officials the the best information to optimize preparedness and respond to incidents. An overview of the Preparedness Program will be provided - looking at specific examples of risk quantification including hurricanes and chemical incidents (Hydrofluoric Acid incidents in particular).
Tags: Healthcare, Higher Education, Risk Assessment